CN102073236B - Unit using operating system and image forming apparatus using the same - Google Patents

Abstract

The present invention provides a unit using an operating system and an image forming apparatus using the same. A chip mountable on a customer replaceable unit monitor (CRUM) unit for an imaging device, the chip includes a central processing unit (CPU) that uses its own operating system (OS) to execute and image Encrypted data communication of the main body of the device. Thereby, the security of the unit mounted with the chip can be enhanced, and arbitrary change of data of the unit can be prevented.

Description

Unit using the operating system and imaging device using the same

This application is a divisional application of an invention patent application with an application date of March 2, 2009, an application number of 200910007789.2, and an invention title of "a unit using an operating system and an imaging device using the unit".

technical field

The present general inventive concept relates to a unit including a built-in central processing unit (CPU) and an image forming apparatus using the same. More particularly, the present general inventive concept relates to a unit made more secure by including a CPU having an operating system (OS), and an image forming apparatus using the same.

Background technique

As computers have become more widely used, peripheral devices have also become common. Examples of peripheral devices are image forming devices such as printers, scanners, copiers, and multifunction devices.

An imaging device uses ink or toner to print an image onto paper. Ink and toner are used whenever an image forming operation is performed until the ink or toner is finally exhausted. If the ink or toner is lacking, the user must replace the unit for storing the ink or toner. These components that can be replaced while using the imaging device are called consumables or replaceable units.

Among the replaceable units, some units other than those that have to be replaced when ink or toner is exhausted must be replaced after being used for a predetermined period of time. Since the properties of these units change after a predetermined period of time and the print quality decreases accordingly, these units must be replaced even if the ink or toner is not exhausted.

For example, a laser image forming apparatus includes a charging unit, a transfer unit, a fixing unit, etc., and different types of rollers and belts used in each unit may wear out or be damaged due to use beyond a limited lifetime. As a result, print quality may be significantly reduced. Therefore, the user has to replace such replaceable units at an appropriate time.

A use state index can be utilized to determine when to replace a replaceable unit. The usage state index represents an index indicating the degree of use of the image forming apparatus, for example, the number of sheets of paper printed by the image forming apparatus and the number of dots forming an image. The image forming apparatus may determine when to replace the replaceable unit by measuring the number of pages or the number of dots printed by the image forming apparatus.

Recently, in order for a user to accurately determine when to replace each replaceable unit, each replaceable unit includes a built-in customer replaceable unit monitor memory (CRUM memory). A usage status indicator for each replaceable unit is stored in CRUM memory. Therefore, even if each replaceable unit is separated and used in a different image forming apparatus, the use state of each replaceable unit can be accurately determined.

However, a conventional replaceable unit having a CRUM memory has a problem that a user can easily access the CRUM memory. The information stored in CRUM memory varies greatly from basic information about the manufacturer to information about the state of recent use. If this information is modified, it will be difficult to enjoy after-sales service and calculate an appropriate time to replace the replaceable unit. Specifically, if the information on the manufacturer is modified, it cannot be determined whether the information on the manufacturer is authentic, and therefore, it is difficult to manage the replaceable units.

Contents of the invention

The present general inventive concept provides a unit which becomes more secure by having a built-in CPU having its own operating system (OS), and an image forming apparatus having the same.

Additional characteristics and utility of the general concept of the present invention will be partly set forth in the following description, and some parts will be clear from the description, or can be known through the practice of the general concept of the present invention.

Embodiments of the present general inventive concept can be realized by providing a chip mountable on a replaceable unit for an image forming apparatus, the chip comprising: a central processing unit (CPU) with its own operating system (OS), The OS is separated from the OS of the imaging device, so that the CPU uses its own OS to perform encrypted data communication with the main body of the imaging device.

The CPU can perform initialization using its own OS independently of the main body of the imaging device.

The CPU may perform the encrypted data communication such that when a communication message including data and first message authentication code (MAC) information is transmitted from the main body of the image forming apparatus, the CPU transmits the encrypted data by applying a key and an encryption algorithm The data portion of the communication message to generate the second MAC information, and when the generated second MAC is compared with the first MAC information of the transmitted communication message and is consistent with the first MAC information, the generated second MAC is considered to be is a valid communication message and is processed.

When the imaging device is turned on, or when a replaceable unit having the chip is mounted on the imaging device, the CPU may perform initialization according to its own OS, and the CPU may perform initialization from the main body of the imaging device before the initialization is completed. The command does not respond, and when initialization is completed, the CPU can perform encrypted data communication.

The chip may further include a storage unit storing information on at least one of the chip, a customer replaceable unit monitor (CRUM) unit, a replaceable unit having the CRUM unit, and an OS of the CPU.

The OS of the CPU can drive at least one of the chip, the CRUM unit and the replaceable unit, and the OS of the CPU can be a kind of software, and the software executes at least one of the following: independently operating the chip, An initialization operation of initializing a state of the CRUM unit and the replaceable unit; a processing operation of executing a public encryption algorithm; and a mutual authentication operation with the main body of the imaging device.

The chip may further include: a tamper detector responding to a physical tampering attempt; and a cipher unit allowing the CPU to perform encrypted data communication with a main body of the imaging device by applying a preset encryption algorithm among a plurality of encryption algorithms .

The encryption algorithm used to encrypt data communications is variable.

The CPU may receive, from a main body of the image forming apparatus, a value of a degree of consumables used for an image forming job when the image forming job is performed, and the CPU may add the value to information on use of consumables stored in a storage unit, and then Refreshes the information on the usage of consumables stored in the memory unit.

Embodiments of the present general inventive concept can be realized by providing a CRUM unit capable of being used for an image forming job, the CRUM unit including: a storage unit storing information on a unit in which the CRUM unit is installed; and a CPU using its own operation A system (OS) manages the storage unit and performs encrypted data communication with the main body of the image forming apparatus, the OS of the CPU being separate from the OS of the image forming apparatus.

The CPU can perform initialization using its own OS independently of the main body of the imaging device.

The OS of the CPU can drive the CRUM unit or the replaceable unit installed with the CRUM unit, and the OS of the CPU can be a kind of software that executes at least one of the following: independently operating the CRUM unit or An initialization operation of initializing the state of the replaceable unit; a processing operation of executing a common encryption algorithm; and a mutual authentication operation with a main body of the imaging device.

The CPU may perform the encrypted data communication such that when a communication message including data and first message authentication code (MAC) information is transmitted from the main body of the image forming apparatus, the CPU transmits the encrypted data by applying a key and an encryption algorithm The data portion of the communication message to generate the second MAC, and when the generated second MAC is compared with the first MAC information of the sent communication message and is consistent with the first MAC information, the generated second MAC is considered to be Valid communication messages are processed.

When the imaging device is turned on, or when a replaceable unit having the CRUM unit is mounted on the imaging device, the CPU may perform initialization according to its own OS, and respond to commands from the main body of the imaging device before the initialization is completed. Do not respond.

The CRUM unit may further include: an interface unit that connects the imaging device to the CPU; a tamper detector that responds to a physical tampering attempt; and a cipher unit that allows the The CPU performs encrypted data communication with the main body of the imaging device.

The encryption algorithm used to encrypt data communications is variable.

The CPU may receive, from a main body of the image forming apparatus, a value of a degree of consumables used for an image forming job when the image forming job is performed, and the CPU may add the value to information on use of consumables stored in a storage unit, and then Refreshes the information on the usage of consumables stored in the memory unit.

Embodiments of the present general inventive concept can be realized by providing a replaceable unit installable in an image forming apparatus for an image forming job, the replaceable unit including: a storage unit storing information on the replaceable unit; and a CPU , manages the storage unit using its own operating system (OS), which is separate from the OS of the imaging device, and performs encrypted data communication with the main body of the imaging device.

The CPU can perform initialization using its own OS independently of the main body of the imaging device.

The OS of the CPU can drive the replaceable unit, the OS of the CPU can be a kind of software, and the software performs at least one of the following: an initialization operation independently initializing the state of the replaceable unit; executing a public encryption algorithm processing operations; and mutual authentication operations between the main body of the imaging device and the replaceable unit.

The CPU may perform the encrypted data communication such that when a communication message including data and first message authentication code (MAC) information is transmitted from the main body of the image forming apparatus, the CPU transmits the encrypted data by applying a key and an encryption algorithm The data portion of the communication message to generate the second MAC, and when the generated second MAC is compared with the first MAC information of the sent communication message and is consistent with the first MAC information, the generated second MAC is considered to be Valid communication messages are processed.

The CPU may perform initialization when the image forming apparatus is turned on, or when the replaceable unit is mounted on the image forming apparatus, and may not respond to a command from a main body of the image forming apparatus until the initialization is completed.

The replaceable unit may further include: an interface unit connecting the imaging device to the CPU; a tamper detector responding to a physical tampering attempt; and a cipher unit by applying a set encryption algorithm among a plurality of encryption algorithms, The CPU is allowed to perform encrypted data communication with the main body of the imaging device.

The encryption algorithm used to encrypt data communications is variable.

The CPU may receive, from a main body of the image forming apparatus, a value of a degree of consumables used for an image forming job when the image forming job is performed, and the CPU may add the value to information on use of consumables stored in a storage unit, and then Refreshes the information on the usage of consumables stored in the storage unit.

Embodiments of the present general inventive concept can be realized by providing an image forming apparatus including: a main controller; and at least one unit including a storage unit storing information and a CPU using its own The operating system (OS) of the CPU manages the storage unit and performs encrypted data communication with the main controller, and the OS of the CPU is separate from the OS of the main controller.

The CPU can perform initialization using its own operating system independently of the main controller.

The CPU may perform the encrypted data communication such that when a communication message including data and first message authentication code (MAC) information is transmitted from the main body of the image forming apparatus, the CPU transmits the encrypted data by applying a key and an encryption algorithm The data portion of the communication message to generate the second MAC, and when the generated second MAC is compared with the first MAC information of the sent communication message and is consistent with the first MAC information, the generated second MAC is considered to be Valid communication messages are processed.

Before the encrypted data communication, the main controller may attempt to perform authentication by receiving unique digital signature information set for each of the at least one unit.

The main controller can perform encrypted data communication by applying the RSA asymmetric key algorithm and one of the ARIA, Triple Data Encryption Standard (TDES), SEED, and Advanced Encryption Standard (AES) symmetric key algorithms, and the CPU of the unit passes Apply one of ARIA, TDES, SEED and AES symmetric key algorithms to perform encrypted data communication.

The unit may further include: a cipher unit for allowing the CPU to perform authentication or encrypted data communication with the main controller by applying a set encryption algorithm among a plurality of encryption algorithms; and a tamper detector for detecting physical tampering attempts response.

The master controller is connectable to the at least one unit through a serial I/O channel, and accesses the at least one unit using a respective address assigned to each unit.

When performing a job, the main controller may measure the value of the degree of the consumables used for the job, transmit the measured value to each CPU of the at least one unit, compare the value with the value previously stored in the storage unit The information on the use of the consumables is added, and then the information on the use of the consumables stored in the storage unit is refreshed.

The OS of the CPU may drive the unit, and the OS of the CPU may be a software that performs at least one of: an initialization operation; a processing operation for executing a public encryption algorithm; and a main controller and all Mutual authentication operation between the above units.

The unit may be one of: a replaceable unit directly related to an image forming operation of the image forming apparatus; a CRUM unit mountable on the replaceable unit; and a chip mountable on the CRUM unit.

Embodiments of the present general inventive concept can be realized by providing a computer-readable medium containing computer-readable code as a program for executing a method comprising: using a central processing unit (CPU) An operating system (OS) of the CPU is separate from the OS of the imaging device to perform encrypted data communication with the main body of the imaging device.

Embodiments of the present general inventive concept can be realized by providing a chip mountable on a replaceable unit for an image forming apparatus, the chip comprising: a central processing unit (CPU) with its own operating system (OS), The OS is separated from the OS of the imaging device so that the CPU performs encrypted data communication with the main body of the imaging device using its own OS; and a storage unit that stores information about the chip, a customer replaceable unit monitor (CRUM) unit, Information about at least one of the replaceable unit of the CRUM unit and the operating system of the CPU, wherein the OS of the CPU is set in a storage unit located inside the chip, or is set outside the chip in the memory.

According to an exemplary embodiment of the present general inventive concept, a CPU having its own operating system (OS) is installed on the unit so that the unit can independently manage the storage unit. The unit may be a chip, a CRUM unit or a replaceable unit. The OS is driven so that initialization, encryption algorithm driving, and authentication with the main body of the imaging device can be performed.

Even when the master key is not stored in the imaging device having the unit, the imaging device can perform authentication or encrypted data communication with the unit. Therefore, the master key can be prevented from being leaked. Authentication or encrypted data communication can be performed using a MAC generated based on a random value and electronic signature information. This encryption provides a high level of data security by applying a symmetric key algorithm and an asymmetric key algorithm to perform authentication.

Various encryption algorithms can be selectively applied to authenticate and encrypt data communication. Even if the currently used encryption algorithm is attacked by physical theft, the attack can be prevented by replacing the currently used key with a key of another encryption algorithm (without needing to replace the unit with a new one).

If multiple units are used, electronic signature information is set for each unit. Each unit is assigned an individual address so that the units can be connected to the imaging device via a serial interface. Authentication and encrypted data communication between multiple units can be effectively realized.

If the image forming job is completed, the image forming apparatus measures the extent of consumables used for the image forming job, and transmits the measured value to each of the plurality of units. Therefore, it is possible to prevent incorrect information about the degree of used consumables from being recorded by mistake.

As a result, the data stored in the storage unit built in the imaging device is prevented from being copied or duplicated, and the security of the data is enhanced. It also prevents users from using uncertified units.

Description of drawings

The above and/or other aspects and features of the general inventive concept of the present invention will become clear and easier to understand by describing the embodiments below in conjunction with the accompanying drawings, wherein:

1 is a schematic block diagram illustrating a configuration of an image forming apparatus including replaceable units according to an exemplary embodiment of the present general inventive concept;

2 is a detailed block diagram illustrating a replaceable unit according to an exemplary embodiment of the present general inventive concept;

3 is a schematic block diagram illustrating an image forming apparatus according to an exemplary embodiment of the present general inventive concept;

4 is a schematic block diagram illustrating configurations of software built into an image forming apparatus and a replaceable unit according to an exemplary embodiment of the present general inventive concept;

5 is a flowchart illustrating a method of operating a replaceable unit and an image forming apparatus according to an exemplary embodiment of the present general inventive concept;

6 is a flowchart illustrating a process of changing an encryption algorithm by a replaceable unit according to an exemplary embodiment of the present general inventive concept; and

FIG. 7 is a flowchart illustrating a method of performing authentication and encrypted data communication between an image forming apparatus and a replaceable unit according to an exemplary embodiment of the present general inventive concept.

Detailed ways

Reference will now be made in detail to embodiments of the present general inventive concept, examples of which are illustrated in the accompanying drawings, wherein like reference numerals refer to like elements throughout. The embodiments are described below in order to explain the present general inventive concept by referring to the figures.

FIG. 1 is a schematic block diagram illustrating a configuration of an image forming apparatus including replaceable units according to an exemplary embodiment of the present general inventive concept. As shown in FIG. 1 , the image forming apparatus 100 includes a main controller 110 , and the unit 200 may be built in the image forming apparatus 100 . The image forming apparatus 100 may be a copier, a printer, a multifunction peripheral, a facsimile, or a scanner.

The image forming apparatus 100 may include a CPU (OS) 110 a to control operations of the image forming apparatus 100 . Unit 200 refers to components designed to be installed and used individually. More specifically, the unit 200 may be a replaceable unit including a replaceable part 215 formed in the imaging apparatus and directly intervening in the imaging operation. For example, the replaceable part 215 of the replaceable unit 200 may be a toner or ink cartridge, a charging unit, a transfer unit, a fixing unit, an organic photosensitive conductor (OPC), a conveyance unit or a conveyance roller, or the like.

In addition, the unit 200 may be any other component required for the image forming apparatus 100 and may be replaced during use. That is, the unit 200 may be a customer replaceable unit monitoring (CRUM) unit capable of monitoring and managing states of components by being included in a replaceable unit, or may be a chip built into the CRUM unit. Unit 200 may be implemented in different forms, but for ease of illustration, unit 200 implemented as a replaceable unit is described below.

The main controller 110 may have an interface to communicate with an external device (not shown) to receive data, and may perform an imaging operation using the received data. The main controller 110 may also be connected to, for example, a facsimile unit or a scanning unit to receive or transmit data corresponding to an image forming device.

The imaging apparatus 100 may include an imaging unit 150 that performs an imaging operation using the unit 200 . The unit 200 may be a part of the imaging unit 150 when the unit 200 is installed into the body of the imaging apparatus 100 . The main controller 110 may control the storage unit 210 and the image forming unit 150 to convey a medium to form an image on the medium, and to discharge the medium.

As shown in FIG. 1 , the unit 200 includes a storage unit 210 and a central processing unit (CPU) 220 .

The storage unit 210 stores various types of information on the unit 200, more specifically, unique information (for example, information on a manufacturer of the unit 200, information on a manufacturing time, a serial number or a model number), various programs , information on electronic signatures, status information on usage status (for example, how many sheets have been printed so far, remaining printability, or how much toner is left).

For example, the storage unit 210 may store information as in Table 1 below.

As shown in Table 1 above, the storage unit 210 may store information on the life of consumables and setting menus and summary information on the unit 200 . The storage unit 210 may also store information of an operating system (OS) for processing data stored in the storage unit 210 so that the main controller 110 may control the imaging unit 150 and the unit 200 to perform imaging operations.

The CPU 220 manages the storage unit 210 using an operating system (OS) of the CPU 220. The OS for operating the unit 200 refers to software that operates general-purpose applications. Therefore, the CPU 220 can perform initialization by using the OS.

More specifically, the CPU 220 performs initialization at the time of a specific event, for example, when the imaging device 100 including the unit 200 is turned on, or when the unit 200 or a component including the unit 200 (for example, a replaceable unit) is incorporated into the imaging device 100 Or when the imaging device 100 is separated. Initialization includes initial drive of various applications used in the unit 200, secret calculation information required for data communication with the imaging device after initialization, setting of communication channels, initialization of memory values, confirmation of replacement time, The setting of register values and the setting of internal and external clock signals.

The setting of the register value refers to setting the function register value in the unit 200 in order to make the unit 200 operate in the same state as the state previously set by the user. In addition, the setting of the internal and external clock signals refers to adjusting the frequency of the external clock signal supplied from the main controller 110 of the imaging device 100 to the frequency of the internal clock used in the CPU 220 of the unit 200.

The confirmation of the replacement time refers to checking the remaining amount of toner or ink in use, predicting the time when the toner or ink will be exhausted, and notifying the main controller 110 of the time. If it is determined during initialization that the toner has been exhausted, the unit 200 may be implemented to automatically notify the main controller 110 that the operation cannot be performed after the initialization is completed. In other cases, since the unit 200 includes the OS of the CPU, various forms of initialization may be performed according to the type or characteristics of the unit 200 .

This initialization is performed by the unit 200 itself, so that it is performed independently of the initialization performed by the main controller 110 of the imaging device 100 .

As described above, the CPU 220 is built into the unit 200, and the unit 200 has its own OS, so if the image forming apparatus 100 is turned on, the main controller 110 can check the remaining amount of consumables stored in the storage unit 210 before requesting communication with the unit 200. volume and refill volume. Therefore, it takes a shorter time to notify the main controller that the consumable needs to be replaced. For example, if the toner is insufficient, the user may turn on the image forming apparatus 100 and directly shift the image forming apparatus 100 to the toner saving mode. Even when only one specific toner is insufficient, the user can perform the same operation.

Before the initialization is completed, the CPU 220 does not respond to the commands of the main controller 110. The main controller 110 periodically sends commands to the CPU 220 until the main controller 110 receives a response from the CPU 220.

If the main controller 110 receives a response, that is, an acknowledgment, authentication between the main controller 110 and the CPU 220 starts.

In this case, the OS in the unit 200 performs authentication through the interaction between the unit 200 and the imaging device 100 . However, in order for a conventional image forming apparatus to perform authentication, a main controller of the image forming apparatus unidirectionally accesses the unit, recognizes unique information for authentication, and compares the unique information with stored information.

However, the main controller 110 in the current image forming apparatus 100 performs its own initialization independently of the initialization of the unit 200 . Due to system size differences, initialization of unit 200 is done first. If the initialization of the unit 200 is completed, the unit 200 may drive an encryption algorithm using the OS. More specifically, the unit 200 may drive an encryption algorithm in response to a command of the main controller 110 so that mutual authentication between the main controller 110 and the unit 200 rather than one-way authentication of the main controller 110 may be performed. Therefore, the security of authentication is increased.

Such authentication is not limited to the above-mentioned examples, and it may be performed in various ways. For example, main controller 110 may receive a response from CPU 220 and send a command to CPU 220 requesting authentication. In this case, the random value R1 may be sent to the CPU 220 together with the command. The CPU 220 receives the request for authentication and the random value R1, uses the random value R1 to generate a session key, uses the generated session key to generate a first message authentication code (MAC), and uses the generated first MAC, the pre-stored electronic signature The information is sent to the main controller 110 along with the random value R2.

If the main controller 110 is authenticated by verifying the first MAC and the received electronic signature information, the main controller 110 generates a session key using the received random value R2 and the pre-generated random value R1, and uses the session key to generate the second session key. Two MACs. Finally, the main controller 110 verifies the second MAC by identifying whether the generated second MAC is the same as the received first MAC. As a result, the main controller 110 can determine whether authentication is successfully performed. As described above, since random values are used when sending information or commands for authentication, malicious hacking by a third party can be prevented.

If authentication is successfully performed, encrypted data communication is performed between the main controller 110 and the CPU of the unit 200 . As described above, since the unit 200 has its own OS, it can execute encryption algorithms. Accordingly, data validity may be determined by applying an encryption algorithm to data received from the image forming apparatus 100 . As a result of the determination, if the data is valid, the unit 200 receives the data and performs operations for processing the data. If the data is invalid, the unit 200 discards the data as soon as it is received. In this case, unit 200 may notify main controller 110 that there is a problem in data communication.

The encryption algorithm may use a public standard encryption algorithm. The encryption algorithm can be modified when the encryption key is made public or when enhanced security is required.

In the above exemplary embodiments of the present general inventive concept, since the unit 200 has its own OS, its own initialization, authentication and encrypted data communication between the unit 200 and the image forming apparatus 100 may be efficiently performed.

FIG. 2 is a detailed block diagram illustrating the replaceable unit 200 of the image forming apparatus 100 illustrated in FIG. 1 . The replaceable unit 200 of FIG. 2 also includes, in addition to the previously discussed storage unit 210 and CPU 220: a cipher unit 230, a tamper detector 240, and an interface unit 250. In addition, the replaceable unit 200 may further include a clock unit (not shown) that outputs a clock signal or a random value generator (not shown) that generates a random value for authentication. The replaceable unit 200 discussed herein may include fewer components or more components depending on the application. If the replaceable unit 200 is implemented as a semiconductor chip or a chip package, the chip or chip package itself may include the CPU 220, or may include the storage unit 210 and the CPU 220. If the chip includes only the CPU 220, the OS run by the CPU 220 may be provided by an external memory.

The cipher unit 230 supports encryption algorithms, and causes the CPU 220 to perform authentication or encrypted data communication with the main controller 110. Specifically, the cipher unit 230 may support one of four encryption algorithms (ie, ARIA, Triple Data Encryption Standard (TDES), SEED, and Advanced Encryption Standard (AES) symmetric key algorithms).

In order to perform authentication or encrypted data communication, the main controller 110 also supports the four encryption algorithms. Accordingly, the main controller 110 can determine which encryption algorithm is applied to the replaceable unit 200, can perform authentication using the determined encryption algorithm, and then can perform encrypted data communication with the CPU 220. As a result, the replaceable unit 200 can be easily installed in the image forming apparatus 100 so that encrypted data communication can be performed even when a key to which a specific encryption algorithm is applied is generated.

The tamper detector 240 protects against various physical hacking attacks, ie, tampering. More specifically, if an attack is detected by monitoring operating conditions such as voltage, temperature, pressure, light, or frequency, the tamper detector 240 may delete data related to the attack, or may physically prevent the attack. In this case, the tamper detector 240 may include an additional power source to provide power to maintain its operation. The attack may be a decap attack, which may be a potentially damaging attack on the CRUM unit 200, for example.

As described above, the replaceable unit 200 includes the cryptographic unit 230 and the tamper detector 240, and data can be systematically protected using either or both of hardware and software.

Referring to FIG. 2 , the storage unit 210 may include at least one of an OS memory 211 , a nonvolatile memory 212 and a volatile memory 213 .

The OS memory 211 stores an OS for operating the replaceable unit 200 . The nonvolatile memory 212 stores data in a nonvolatile form, and the volatile memory 213 is used as a temporary storage space required for operations. When the storage unit 210 includes an OS memory 211, a nonvolatile memory 212, and a volatile memory 213 as shown in FIG. 2, some of these memories may be built into the CPU 220 as an internal memory. Unlike general memories, the OS memory 211, the nonvolatile memory 212, and the volatile memory 213 may be implemented according to a design for security such as address/data line scrambling or bit encryption.

The nonvolatile memory 212 can store various information such as digital signature information, information on various encryption algorithms, information on the state of use of the replaceable unit 200 (for example, information on the remaining toner level, time when the toner needs to be replaced, or the amount of remaining paper to be printed), unique information (for example, information on the manufacturer of the replaceable unit 200, information on the date and time of manufacture, serial number or model number) or maintenance service information.

The interface unit 250 connects the CPU 220 and the main controller 110. The interface unit 250 may be implemented as a serial interface or a wireless interface. For example, a serial interface has an advantage of cost reduction because it uses fewer signals than a parallel interface, and is suitable for operating conditions that generate a lot of noise (for example, a printer).

Components shown in FIG. 2 are connected to each other via a bus, but this is only exemplary. Accordingly, it should be understood that components according to aspects of the present general inventive concept may be directly connected without a bus.

FIG. 3 is a block diagram illustrating an image forming apparatus 100 according to an exemplary embodiment of the present general inventive concept. The imaging apparatus 100 of FIG. 3 includes a main controller 110, a storage unit 120, an imaging unit 150, and a plurality of units 200-1, 200-2, . . . , 200-n, and the main controller 110 includes a CPU 110a having an OS. The plurality of units 200-1, 200-2, . . . , 200-n of FIG. 3 may be CRUM units, semiconductor chips, semiconductor chip packages, or replaceable units. For purposes of example only, the plurality of units 200-1, 200-2, . . . , 200-n are described below as replaceable units.

Multiple units are also required if a single system requires various consumables. For example, if the image forming apparatus 100 is a color printer, four color cartridges, namely, a cyan (C) cartridge, a magenta (M) cartridge, a yellow (Y) cartridge, and a black (K) cartridge, are installed in the color printer in order to express desired colors. )box. Additionally, color printers may include other consumables. Therefore, if a large number of cells are required, each cell requires its own input/output (I/O) channel, an arrangement that is inefficient. Thus, as shown in FIG. 3 , a single serial I/O channel can be used to connect each of the plurality of units 200 - 1 , 200 - 2 , . . . , 200 -n to the main controller 110 . The main controller 110 may access the plurality of units 200-1, 200-2, ... using a different address assigned to each of the plurality of units 200-1, 200-2, ..., 200-n , each of 200-n.

When the main controller 110 is turned on, or when the plurality of units 200-1, 200-2, . . . , 200-n are fully initialized, authentication is performed using unique digital signature information for each of the plurality of units 200-1, 200-2, . . . , 200-n.

If the authentication is successful, the main controller 110 performs encrypted data communication with a plurality of CPUs (not shown) in the plurality of units 200-1, 200-2, . Stored in a plurality of storage units (not shown) among the plurality of units 200-1, 200-2, . . . , 200-n. The main controller 110 and a plurality of CPUs can function as a master and a slave.

Here, encrypted data communication is performed by transmitting data that a user desires to transmit together with a MAC generated by encrypting data using a preset encryption algorithm and key. Since the data changes each time it is transmitted, the MAC also changes. Therefore, even when a third party intervenes in the data communication operation and finds the MAC, the third party cannot steal the subsequent data communication operation using the MAC.

If encrypted data communication is completed, the channel connecting the main controller 110 and the CPU is cut off.

The storage unit 120 stores various information including a plurality of encryption algorithms and key values required to authenticate each of the plurality of units 200-1, 200-2, . . . , 200-n.

The main controller 110 performs authentication and encrypted data communication using information stored in the storage unit 120 . Specifically, the main controller 110 performs authentication and encrypted data communication by applying, for example, one of the RSA asymmetric key algorithm and ARIA, TDES, SEED, AES symmetric key algorithms. Therefore, both asymmetric authentication processing and symmetric authentication processing are performed, so that the level of encryption can be increased compared to conventional techniques.

Although FIG. 3 shows the storage unit 120 as a single unit, the storage unit 120 may include a storage unit storing various encryption algorithm data, a storage unit required for other operations of the main controller 110, storing information about a plurality of units 200-1, 200-2, ..., 200-n information storage unit, or store information about the use of a plurality of units 200-1, 200-2, ..., 200-n (for example, pages to be printed number or remaining toner level).

The plurality of units 200-1, 200-2, . . . , 200-n installed in the image forming apparatus 100 of FIG. 3 may have the structure shown in FIG. 1 or FIG. 2 . Therefore, after sending an access command to a plurality of CPUs of a plurality of units 200-1, 200-2, ..., 200-n and receiving a response signal, the main controller 110 can access a plurality of units 200-1, 200-2, . . . , 200-n. Therefore, the multiple units according to the present general inventive concept are different from conventional schemes capable of accessing CRUM data using simple data writing and reading operations.

If the image forming apparatus 100 starts an image forming job, the main controller 110 may measure the level of consumables used for the job, and may transmit the measured levels of used consumables to the plurality of units 200-1, 200-2, . . . ., each of 200-n. More specifically, the image forming apparatus 100 may add the measured degree of used consumables to previously stored information on the use of consumables, and may refresh the information on the use of consumables. When the operation of transmitting the result value is performed in the prior art, if incorrect data is transmitted due to an error, incorrect information on the degree of used consumables may be recorded in the plurality of units 200-1, 200-2 , . . . , on each of 200-n. For example, if a new print job of 10 pages is completed after printing 1000 pages using the currently installed developer cartridge, the total value is 1010 pages. However, if some error occurs and if a value of 0 pages is sent, a print job of 0 pages may be recorded in the plurality of units 200-1, 200-2, . . . , 200-n. As a result, the user may not know exactly when the consumables need to be replaced.

To solve this problem, in an embodiment of the present general inventive concept, the main controller 110 may measure the level of consumables used for the job, and may transmit only the measured levels of used consumables to the plurality of units 200-1, Each of 200-2, . . . , 200-n. In this case, the main controller 110 can send the value of 10 pages, so that the plurality of units 200-1, 200-2, . . . , 200-n can transfer the newly received value "10 " is added to the value "1000" (ie, the previously stored value). Therefore, the information on the use of the consumables stored in the memory can be accurately updated to "1010".

In addition, the main controller 110 may separate the plurality of units 200-1, 200-2, . Manage information about the extent of consumables used.

However, in an embodiment of the present general inventive concept, the main controller 110 may transmit information on the degree of used consumables to the plurality of units 200-1, 200-2, . . . ., 200-n, the information about the use of consumables stored in the storage unit 120 is automatically updated.

For example, when printing 100 pages using the plurality of units 200-1, 200-2, ..., 200-n installed in the image forming apparatus 100, if 10 pages are also printed while executing a single job, the main 110 may send the value "10" to multiple units 200-1, 200-2, ..., 200-n, and may add the value "10" to the value "100" previously stored in memory unit 120 , thereby storing history information indicating that "110" pages were printed. Therefore, if a specific event is sent (for example, if the image forming apparatus 100 is reset, or the toner or ink is completely exhausted), or a preset time period comes, the main controller 110 and the plurality of units 200-1, 200-2, . . . , 200-n can compare their respective history information by using their respective CPUs, so that it can be checked whether data is normally recorded in the plurality of units 200-1, 200-2, . Each of the 200-n.

In other words, by comparing the information on the use of consumables stored in the storage unit 120 with the information on the use of consumables stored in the plurality of units 200-1, 200-2, . . . , 200-n, to determine the accuracy or inaccuracy of stored information about supply usage. In more detail, if an event occurs or a preset time period comes, the main controller 110 may transmit a command for requesting information on the use of consumables to the plurality of units 200-1, 200-2, . . . , 200-n. In response to the request command, the CPUs of the plurality of units 200-1, 200-2, .

If the information on the use of consumables stored in the storage unit 120 is different from the information on the use of consumables stored in the plurality of units 200-1, 200-2, . . . , 200-n, the main controller 110 may output erroneous information, or information determined to be correct may be reconciled and information on consumable usage may be updated.

Furthermore, if the information on the use of consumables stored in the storage unit 120 is different from the information on the use of consumables stored in one of the plurality of units 200-1, 200-2, . . . An error may occur when data is transmitted to the storage unit 120 , so the main controller 110 may transmit a command for changing information on the use of consumables stored in the storage unit 120 .

The imaging apparatus 100 may include an imaging unit 150 for performing an imaging operation using the units 200-1, 200-2, . . . , 200-n. When the units 200-1, 200-2, . . . , 200-n are installed in the main body of the imaging device 100, the units 200-1, 200-2, . part. The main controller 110 may control the storage units 120 and 210 and the image forming unit 150 to convey a medium to form an image on the medium, and to discharge the medium.

4 is a layered diagram illustrating a unit 200 and a host (ie, a configuration of software of an image forming apparatus) using the unit 200 according to an exemplary embodiment of the present general inventive concept.

Referring to FIGS. 1 and 4 , the software (a) of the image forming apparatus 100 may include, in addition to a general-purpose application program, an application for managing data of each unit, a device driver for performing its own management, and a program for executing commands. A security mechanism area that performs authentication and encryption with the unit 200 and a software encryption operation area that performs software encryption.

The software (b) of the unit 200 may include: a semiconductor IC chip area with various blocks protecting data; an App area for interfacing with host software; and an OS area for operating the aforementioned areas.

The device software area of FIG. 4 includes basic components of the OS, such as operation blocks and file management required to protect data. Briefly, the blocks include a program to control hardware for a security system, an application program to control the program using the hardware, and a program to prevent tampering with other programs. Since the application program for realizing the functions of CRUM is installed on the program as explained above, information stored on the data cannot be checked through the communication channel. The programs may be implemented in other structures to include the blocks. However, in order to effectively protect data, programs need to be programmed carefully, thereby protecting the OS.

The OS area in the software structure of FIG. 4 includes a memory recovery area 410 . The memory recovery area 410 is set to ensure whether or not the process according to the condition information of the update unit 200 has successfully completed the update.

Referring again to FIGS. 1 and 2, when data is written to the storage unit 210, the CPU 220 of the unit 200 backs up the previously recorded values in the memory recovery area 410, and sets a start flag.

For example, when an image forming job using the unit 200 is completed, the main controller 110 accesses the CPU 220 of the unit 200 to re-record condition information such as the number of sheets consumed or the amount of supplies when the print job is performed. If the power is cut off, or the print job is abnormally terminated due to external noise before the recording is completed, the conventional CRUM cannot determine whether the new condition information is normally recorded. If such abnormal conditions are repeated, it is difficult to trust the information, and it is difficult to manage the unit even with CRUM.

In order to prevent this problem, the OS according to an exemplary embodiment of the present general inventive concept sets a memory recovery area 410 in the OS. In this case, the CPU backs up the previously recorded data in the memory restoration area 410 and sets the start flag to 0 before recording the data. If a data write operation is processed, the start flag is continuously updated according to the data write operation.

In this case, if the data writing operation is abnormally terminated, the CPU checks the start flag after the power is turned on or after the system is stabilized. The CPU thus determines whether the data is normally written or not according to the change condition of the start flag value. If the difference between the start flag value and the initially set value is not significant, the CPU determines that data writing has failed, and rolls back the data to the previously recorded value. On the other hand, if the start flag value approximately coincides with the final value, the CPU determines that the currently recorded data is correct. Therefore, even when the power is turned off, or when the system operates abnormally, the data written into the unit 200 can be trusted.

FIG. 5 is a flowchart illustrating a method of operating a replaceable unit and an image forming apparatus according to an exemplary embodiment of the present general inventive concept. Referring to FIGS. 1 and 5, the CPU of the unit 200 determines whether a specific event occurs in operation S510. The specific event may include: a case where the imaging apparatus 100 is turned on; or a case where the unit 200 or a component including the unit 200 is installed in the imaging apparatus 100 .

If it is determined that a specific event has occurred, the unit 200 performs initialization of itself in operation S520. The initialization includes calculation of secret information required for data communication with the image forming apparatus after initialization, setting of a communication channel, initialization of memory values, checking remaining amount of toner or ink, confirmation of replacement time, or various other processes .

The main controller 110 of the image forming apparatus 100 transmits a command for attempting authentication between the main controller 110 and the CPU 220 in operation S530. If the main controller 110 does not receive a response from the CPU 220 at operation S540, the main controller 110 repeatedly transmits the command until a response is received.

When the response is received, at operation S550, the main controller 110 authenticates communication with the CPU 220 as explained above.

If authentication is successfully performed at operation S560, encrypted data communication with the main controller 110 is performed using an encryption algorithm at operation S570.

FIG. 6 is a diagram provided to explain a process of changing an encryption algorithm by the unit 200 according to an exemplary embodiment of the present general inventive concept. Referring to FIG. 6, the unit 200 may support, for example, ARIA, Triple Data Encryption Standard (TDES), SEED, and Advanced Encryption Standard (AES) symmetric key algorithms. Which algorithm to use may be determined when the key generation data is generated by a key writing system in the key management system (KMS) 600 .

If cracking of the encryption algorithm is performed, the encryption algorithm can be changed by acquiring a new key from the KMS to which the above four encryption algorithms are applied (instead of manufacturing a new unit 200).

As described above, the image forming apparatus 100 may support ARIA, TDES, SEED, and AES symmetric key algorithms in addition to the RSA asymmetric key algorithm. Therefore, even if the encryption algorithm applied to the unit 200 is changed, the imaging device 100 changes the encryption algorithm in response, and performs authentication and encrypted data communication.

Therefore, compared with the traditional technology that needs to replace the chip, the encryption algorithm can be changed conveniently by changing the key value.

FIG. 7 is a flowchart provided to explain a method of performing authentication and encryption of data communication according to an exemplary embodiment of the present general inventive concept. Referring to FIGS. 1 and 7, the image forming apparatus 100 transmits a command for requesting authentication together with a random value R1 in operation S710.

If a request for authentication is received, in operation S715, the unit 200 generates a session key using the received random value R1 and the random value R2 generated by the unit 200, and in operation S720, the unit 200 uses the generated session key to Generate a Message Authentication Code (MAC).

The first MAC generated by the unit 200 is pre-stored electronic signature information, and the first MAC is transmitted to the image forming apparatus 100 together with the random value R2 in operation S725.

In operation S730, the image forming apparatus 100 verifies the received electronic signature of the first MAC generated by the unit 200 by comparing the received electronic signature information with pre-stored electronic signature information. In order to verify the received electronic signature, if a plurality of units are installed in the image forming apparatus 100, the image forming apparatus 100 may store electronic signature information of each unit.

If the received electronic signature is verified, in operation S735, the image forming apparatus 100 may combine the pre-generated random value R1 with the received random value R2 to generate a session key, and in operation S740, the image forming apparatus 100 uses the generated session key The key generates a second MAC.

Then in operation S745, the image forming apparatus 100 compares the generated second MAC of the image forming apparatus 100 with the received first MAC of the replaceable unit 200 to determine whether the two independent MACs are consistent. Authentication is done based on the verification of the received first MAC of the replaceable unit 200 . If authentication is successfully performed, encrypted data communication can be performed.

In order to perform encrypted data communication, it is assumed that the image forming apparatus 100 uses the same key and encryption algorithm as those of the unit 200 . The key may be a session key as described above.

If the received first MAC of the replaceable unit 200 is completely verified, the image forming apparatus 100 generates a third MAC by applying a key and an encryption algorithm to data when generating a communication message in operation S750.

In operation S755, the image forming apparatus 100 transmits a communication message including the third MAC to the unit 200.

In operation S760, the unit 200 extracts a data part from the received communication message, and generates a fourth MAC by applying the aforementioned key and encryption algorithm to the data.

In operation S765, the unit 200 extracts a third MAC part from the received communication message, and performs authentication by comparing the extracted third MAC with the fourth MAC calculated by the unit 200.

If the extracted third MAC is consistent with the fourth MAC calculated by the unit 200, the communication message is regarded as a valid communication message at operation S770, and thus an operation corresponding to the message is performed. On the other hand, if the third MAC and the fourth MAC are inconsistent with each other, the communication message is considered to be an invalid communication message and is discarded.

The method of performing authentication and encryption of data communication is also applicable to the exemplary embodiments explained with reference to the accompanying drawings. The unit 200 may be implemented in different forms, such as a semiconductor chip or chip package, a regular unit or a replaceable unit.

The present general inventive concept can also be embodied as computer readable codes on a computer readable medium. The computer readable medium may include a computer readable recording medium and a computer readable transmission medium. The computer readable recording medium is any data storage device that can store data as a program, which can be thereafter read by a computer system. Examples of the computer readable recording medium include read only memory (ROM), random access memory (RAM), CD-ROM, magnetic tape, floppy disk, optical data storage devices. The computer readable recording medium can also be distributed over network coupled computer systems so that the computer readable code is stored and executed in a distributed fashion. The computer-readable transmission medium can transmit carrier waves or signals (eg, wired or wireless data transmission through the Internet). In addition, a programmer in the field to which the present general inventive concept pertains can easily explain functional programs, codes, and code segments for realizing the present general inventive concept.

While a few embodiments of the present general inventive concept have been shown and described, it should be understood by those skilled in the art that, without departing from the principles and spirit of the present general inventive concept, the scope of which is defined by the claims and their equivalents, modifications may be made. These examples vary.

Claims (33)

1. an imaging device, comprising:

The main body of imaging device;

At least one replaceable units, is installed to the main body of imaging device, for carrying out imaging operation,

Wherein, the main body of imaging device comprises for controlling the master controller of the operation of imaging device,

Wherein, described at least one replaceable units comprises:

Storage unit, storage is about the information of replaceable units, and storage operation system;

CPU, be connected to storage unit, wherein, when replaceable units is installed to imaging device, CPU is used the operating system in the storage unit that is stored in replaceable units to carry out initialization, CPU is configured to access and is stored in the information in storage unit, and the encrypted data communications of the master controller of execution and imaging device

Wherein, another operating system of the operating system of CPU and master controller operates independently,

Wherein, CPU carries out described encrypted data communications, make when the communication information that comprises data and the first message authentication code information is sent out from the main body of imaging device, described CPU assigns to produce the second message authentication code by the data portion of the communication information that key and cryptographic algorithm is applied to send, and when the second message authentication code producing compares with the first message authentication code information of the communication information of transmission and with described the first message authentication code information when consistent, it is also processed that the second message authentication code of generation is considered to effective communication information.

2. imaging device according to claim 1, wherein, the cell stores of replaceable units is the operating system of being carried out by CPU, and is included in operating system for carrying out initialized program, and the operating system of CPU is different from the operating system of master controller.

3. imaging device according to claim 1, wherein, described at least one replaceable units is carried out the encrypted data communications with master controller by being applied in the cryptographic algorithm of selecting in multiple encryption algorithms.

4. imaging device according to claim 1, wherein, master controller is the exclusive digital signature information of each setting in described at least one replaceable units by use, carries out the encrypted data communications with described at least one replaceable units.

5. imaging device according to claim 1, wherein, master controller is carried out encrypted data communications by application one of ARIA, TDES, SEED and AES symmetric key algorithm and RSA asymmetric key algorithm, and the CPU of described at least one replaceable units carries out encrypted data communications by application one of ARIA, TDES, SEED and AES symmetric key algorithm.

6. imaging device according to claim 1, wherein, replaceable units also comprises:

Cipher machine unit, the encrypted data communications of the master controller of permission CPU execution and imaging device;

Distort detecting device, physics steal is attempted responding.

7. imaging device according to claim 1, wherein, storage unit has the software configuration that comprises storer recovery region, and when the data write operation for storage unit is performed, CPU recovers the value backup of precedence record in region and opening flag is set at storer.

8. imaging device according to claim 7, wherein, when particular event occurs, CPU checks the value of the change of opening flag, then determines whether the value changing returns to the value of precedence record.

9. imaging device according to claim 1, wherein, master controller is connected to described at least one replaceable units by serial i/0 passage, and uses and distribute to each replaceable units address separately and visit described at least one replaceable units.

10. imaging device according to claim 1, wherein, when carrying out imaging operation, master controller is measured the value for the degree of the consumptive material use of described imaging operation, the value of measurement is sent to each CPU of described at least one replaceable units, described CPU, by described value and the pre-stored information of using about consumptive material addition in each storage unit, then upgrades the information of using about consumptive material.

11. imaging devices according to claim 10, wherein, the main body of imaging device also comprises for storing the storage unit of the information of using about consumptive material,

Wherein, the value of the degree that master controller uses the consumptive material of measuring and the pre-stored information of using about consumptive material addition in storage unit, and manage discretely with described at least one replaceable units the information of using about consumptive material.

12. imaging devices according to claim 11, wherein, master controller compares the information of using about consumptive material being stored in storage unit with the information of using about consumptive material being stored in replaceable units, determine the accuracy of the information of using about consumptive material of storage.

13. imaging devices according to claim 1, wherein, the cell stores of replaceable units is for carrying out the program with the encrypted data communications of master controller, describedly for carrying out the program of encrypted data communications, after the initialization of CPU, is performed.

14. imaging devices according to claim 1, wherein, replaceable units is the chip being built in user's replaceable units monitoring unit.

15. 1 kinds of user's replaceable units monitoring units for replaceable units, described replaceable units is arranged in imaging device removedly, and described imaging device has master controller, and described user's replaceable units monitoring unit comprises:

Storage unit, storage is about the information of replaceable units, and storage operation system;

CPU, be connected to storage unit, wherein, when replaceable units is installed to imaging device, CPU is used the operating system in the storage unit that is stored in replaceable units to carry out initialization, CPU is configured to access and is stored in the information in storage unit, and the encrypted data communications of the master controller of execution and imaging device

Wherein, another operating system of the operating system of CPU and master controller operates independently,

Wherein, CPU carries out described encrypted data communications, make when the communication information that comprises data and the first message authentication code information is sent out from the master controller of imaging device, described CPU assigns to produce the second message authentication code by the data portion of the communication information that key and cryptographic algorithm is applied to send, and when the second message authentication code producing compares with the first message authentication code information of the communication information of transmission and with described the first message authentication code information when consistent, it is also processed that the second message authentication code of generation is considered to effective communication information.

16. user's replaceable units monitoring units according to claim 15, wherein, cell stores is the operating system of being carried out by CPU, and is included in operating system for carrying out initialized program, and the operating system of CPU is different from the operating system of being carried out by master controller.

17. user's replaceable units monitoring units according to claim 15, wherein, after the authentication of the master controller with imaging device completes, CPU carries out described encrypted data communications.

18. user's replaceable units monitoring units according to claim 15, wherein, when imaging opening of device, and when thering is the replaceable units of described user's replaceable units monitoring unit and be installed on imaging device, CPU carries out initialization, and before initialization is done to coming the order of autonomous controller not respond.

19. user's replaceable units monitoring units according to claim 15, wherein, storage unit comprises at least one in following: operating system storer; Nonvolatile memory, with non-volatile form storage data; Volatile memory, with operating required interim storage space.

20. user's replaceable units monitoring units according to claim 15, also comprise:

Interface unit, is connected to CPU by master controller;

Distort detecting device, physics steal is attempted responding; And

Cipher machine unit, permission CPU carries out the encrypted data communications with master controller.

21. user's replaceable units monitoring units according to claim 15, wherein, described user's replaceable units monitoring unit is carried out the encrypted data communications with master controller by being applied in the cryptographic algorithm of selecting in multiple encryption algorithms.

22. user's replaceable units monitoring units according to claim 15, wherein, storage unit has the software configuration that comprises storer recovery region, and when the data write operation for storage unit is performed, CPU recovers the value backup of precedence record in region and opening flag is set at storer.

23. user's replaceable units monitoring units according to claim 22, wherein, when particular event occurs, CPU checks the value of the change of opening flag, then determines whether the value changing returns to the value of precedence record.

24. user's replaceable units monitoring units according to claim 15, wherein, CPU receives the value of the degree of the consumptive material use that is used for imaging operation when carrying out imaging operation from master controller, and CPU is added described value and the information of using about consumptive material being stored in storage unit, then refreshes the information of using about consumptive material.

25. 1 kinds of replaceable unitses that are arranged on removedly in imaging device, described imaging device has master controller, and described replaceable units comprises:

Storage unit, storage is about the information of replaceable units, and storage operation system;

CPU, be connected to storage unit, wherein, when replaceable units is installed to imaging device, CPU is used the operating system in the storage unit that is stored in replaceable units to carry out initialization, CPU is configured to access and is stored in the information in storage unit, and the encrypted data communications of the master controller of execution and imaging device

Wherein, another operating system of the operating system of CPU and master controller operates independently,

Wherein, CPU carries out described encrypted data communications, make when the communication information that comprises data and the first message authentication code information is sent out from the master controller of imaging device, described CPU assigns to produce the second message authentication code by the data portion of the communication information that key and cryptographic algorithm is applied to send, and when the second message authentication code producing compares with the first message authentication code information of the communication information of transmission and with described the first message authentication code information when consistent, it is also processed that the second message authentication code of generation is considered to effective communication information.

26. replaceable unitses according to claim 25, wherein, cell stores is the operating system of being carried out by CPU, and is included in operating system for carrying out initialized program, and the operating system of CPU is different from the operating system of being carried out by master controller.

27. replaceable unitses according to claim 25, wherein, after the authentication of the master controller with imaging device completes, CPU carries out described encrypted data communications.

28. replaceable unitses according to claim 25, wherein, when imaging opening of device, and when described replaceable units is installed on imaging device, CPU carries out initialization, and before initialization is done, the order of the master controller from imaging device is not responded.

29. replaceable unitses according to claim 25, wherein, storage unit comprises at least one in following: operating system storer; Nonvolatile memory, with non-volatile form storage data; Volatile memory, with operating required interim storage space.

30. replaceable unitses according to claim 25, also comprise:

Interface unit, is connected to CPU by described master controller;

Distort detecting device, physics steal is attempted responding; And

Cipher machine unit, permission CPU carries out the encrypted data communications with described master controller.

31. replaceable unitses according to claim 25, wherein, described replaceable units is carried out the encrypted data communications with master controller by being applied in the cryptographic algorithm of selecting in multiple encryption algorithms.

32. replaceable unitses according to claim 25, wherein, storage unit has the software configuration that comprises storer recovery region, and when the data write operation for storage unit is performed, CPU recovers the value backup of precedence record in region and opening flag is set at storer, and when particular event occurs, CPU also checks the value of the change of opening flag, then determine whether the value changing returns to the value of precedence record.

33. replaceable unitses according to claim 25, wherein, CPU receives the value of the usage degree of the consumptive material using when using described replaceable units to carry out imaging operation from the master controller of imaging device, and CPU is added described value and the information of using about consumptive material being stored in storage unit, then refreshes the information of using about consumptive material.